We will always respect your privacy, dignity and your religious and cultural beliefs particularly when intimate examinations are advisable – these will only be carried out with your express agreement and you will be offered a chaperone to attend the examination if you so wish.

You may also request a chaperone when making the appointment or on arrival at the surgery (please let the receptionist know) or at any time during the consultation.

You can be assured that anything you discuss with any member of the surgery staff, whether doctor, nurse or receptionist, will remain confidential. Even if you are under 16, nothing will be said to anyone, including parents, other family members, care workers or teachers, without your permission. The only reason why we might want to consider passing on confidential information without your permission would be to protect either you or someone else from serious harm. In this situation, we would always try to discuss this with you first.

If you have any worries or queries about confidentiality, please ask a member of staff.

If you would like to discuss matters of a confidential nature, either with our receptionists or a member of the dispensary team, we have a side room available in reception for this purpose.

We need to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstance you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone or fax unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent, and we do not, leave messages with others.

You have a right to see your records if you wish. Please ask at reception if you would like further details about our patient information leaflet. An appointment may be required. In some circumstances a fee may be payable.

There is access through the main door. We have a wheelchair available for use in surgery.

Hearing Difficulties

If you are experiencing hearing difficulties when being called in to see the doctor or nurse, please do let us know in order for us to set up an alert on your medical records and personally collect you from the waiting room. Alternatively, we do have the facility of a portable induction loop. If you would like to use this, please ask at reception for assistance.

NHS England requires that net earnings of doctors engaged in the practice is publicised and for the required disclosure is shown below. However, it should be noted that the prescribed method for calculated earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.

All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.

The average earnings for GPs working at Mullion and Constantine Group Practice in the last financial year was £43,397 before tax and National Insurance. This is for 7 part-time GPs and 4 locum GPs who worked in the practice for more than six months.

This practice is committed to preserving, as far as is practical, the security of data used by our information systems. This means that we will take all reasonable actions to;

Maintain the Confidentiality of all data within the practice by:

• Ensuring that only authorised persons can gain access to our systems
• Not disclosing information to anyone who has no right to see it

Maintain the integrity of all data within the practice by:

• Taking care over input
• Ensuring that all changes are reported and monitored
• Checking that the correct record is on the screen before updating
• Reporting all apparent errors and ensuring that they are resolved

Maintain the availability of all data by:

• Ensuring that all equipment is protected from intruders
• Ensuring that backups are taken at regular, predetermined intervals
• Ensuring that contingency is provided for possible failure or equipment theft and that any such contingency plans are tested and kept up to date

Additionally we will take all reasonable measures to comply with our legal responsibilities under:

• The Data Protection Act (2018)
• The Health and Safety at Work Act (1992)
• The Access to Health Records Act (1990)

The following IT systems are in use at the practice:

• Referral Management (using NHS numbers in referrals)
• Electronic Appointment Booking (the facility to book routine appointments online and, similarly, to cancel appointments
• Online booking of repeat prescriptions
• Summary Care Record (uploading details of your current medication and allergies to the national “spine” so that these are available for doctors involved in your care elsewhere)
• GP to GP transfers (the electronic transfer of records from practice to practice when you re-register
• Patient Access to records (the facility to view your medical records online).

If you are not already registered for online access and would like to be please complete our online form.

If you would like access to your medical records enabled or would like to opt out of the local or national summary care record, please contact reception.

Mullion & Constantine Group Practice

Data Protection Privacy Notice for Patients

Introduction:

This privacy notice lets you know what happens to any personal data that you give to us, or any
information that we may collect from you or about you from other organisations.

This privacy notice applies to personal information processed by or on behalf of the practice.

This Notice explains

. Who we are and how we use your information
. Information about our Data Protection Officer
. What kinds of personal information about you we hold and use (process)
. The legal grounds for our processing of your personal information (including when we share it
with others)
. What should you do if your personal information changes?
. For how long your personal information is retained / stored by us?
. What are your rights under Data Protection laws

The UK General Data Protection Regulation (UKGDPR) and the Data Protection Act 2018 (DPA
2018) became law on 25th May 2018, and 1st January 2021 when the UK exited the EU.

For the purpose of applicable data protection legislation (including but not limited to the General Data
Protection Regulation (Regulation (UK) 2016/679) (the “UKGDPR”), and the Data Protection Act 2018
the practice responsible for your personal data is [Practice Name].

This Notice describes how we collect, use and process your personal data, and how in doing so, we
comply with our legal obligations to you. Your privacy is important to us, and we are committed to
protecting and safeguarding your data privacy rights.

How we use your information and the law.

Mullion & Constantine Group Practice will be what’s known as the ‘Controller’ of your personal data.

We collect basic personal data about you and location-based information. This does include name,
address and contact details such as email and mobile number etc.

We will also collect sensitive confidential data known as “special category personal data”, in the form
of health information, religious belief (if required in a healthcare setting) ethnicity and sex life
information that are linked to your healthcare, we may also receive this information about you from
other health providers or third parties.

Why do we need your information?
The health care professionals who provide you with care maintain records about your health and any
treatment or care you have received previously. These records help to provide you with the best
possible healthcare and treatment.

NHS health records may be electronic, paper-based or a mixture of both. We use a combination of
working practices and technology to ensure that your information is kept confidential and secure.

Records about you may include the following information;

. Details about you, such as your address, your carer or legal representative and
emergency contact details.
. Any contact the surgery has had with you, such as appointments, clinic visits, emergency
appointments.
Notes and reports about your health.
. Details about your treatment and care.
. Results of investigations such as laboratory tests, x-rays etc.
Relevant information from other health professionals, relatives or those who care for you.
. Contact details (including email address, mobile telephone number and home telephone
number)

To ensure you receive the best possible care, your records are used to facilitate the care you receive,
including contacting you. Information held about you may be used to help protect the health of the
public and to help us manage the NHS and the services we provide. Limited information may be used
within the GP practice for clinical audit to monitor the quality of the service we provided.

How do we lawfully use your data?

We need your personal, sensitive and confidential data in order to provide you with healthcare
services as a General Practice, under the General Data Protection Regulation we will be lawfully
using your information in accordance with: –

Article 6, e) processing is necessary for the performance of a task camied out in the public
interest or in the exercise of official authority vested in the controller,”

Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for
the assessment of the working capacity of the employee, medical diagnosis, the provision of
health or social care or treatment or the management of health or social care systems

This Privacy Notice applies to the personal data of our patients and the data you have given us about
your carers/family members.

We use your personal and healthcare information in the following ways:

. when we need to speak to, or contact other doctors, consultants, nurses or any other
medical/healthcare professional or organisation during the course of your diagnosis or
treatment or on going healthcare;

. when we are required by law to hand over your information to any other organisation, such
as the police, by court order, solicitors, or immigration enforcement.

. Ina de-identified form tosupport planning of health services and to improve health outcomes
for our population

We will never pass on your personal information to anyone else who does not need it, or has no
right to it, unless you give us consent to do so.

Legal justification for collecting and using your information

The law says we need a legal basis to handle your personal and healthcare information.

Contract: We have a contract with NHS England to deliver healthcare services to you. This contract
provides that we are under a legalobligation to ensure that we deliver medical and healthcare
services to the public.

Consent: Sometimes we also rely on the fact that you give us consent to use your personal and
healthcare information so that we can take care of your healthcare needs.

Please note that you have the right to withdraw consent at any time if you no longer wishto receive
services from us.

Necessary care: Providing you with the appropriate healthcare, where necessary. The Law refers to
this as ‘protecting your vitalinterests’ where you may be in a position not to be able to consent.

Law: Sometimes the law obliges us to provide your information to an organisation (see above).

Special categories

The law states that personal information about your health falls into a special category of
information because it is very sensitive. Reasons that may entitle us to use and process your
information maybe as follows:

Public Interest: Where we may need to handle your personal information when it is considered to
be in the public interest. For example, when there is an outbreak of a specific disease and we need
to contact you for treatment, or we need to pass your information to relevant organisations to
ensure you receive advice and/or treatment

Consent: When you have given us consent

Vital Interest: If you are incapable of giving consent, and we have to use your information to protect
your vitalinterests (e.g. if you have had an accident and you need emergency treatment)

Defending a claim: If we need your information to defend a legal claim against us by you, or by
another party

Providing you with medical care: Where we need your information to provide you with medical and
healthcare services

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk
of suffering a condition, preventing an unplanned or (re)admission and identifying a need for
preventive intervention. Information about you is collected from several sources including NHS Trusts
and from this GP Practice. The identifying parts of your data are removed, analysis of your data is
undertaken, and a risk score is then determined. This is then provided back to your GP as data
controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health
and not just the treatment of sickness. If necessary, your GP may be able to offer you additional
services. Please note that you have the right to opt out of your data being used in this way in most
circumstances, please contact the practice for further information about opt out.

Individual Risk Management at a GP practice level however is deemed to be part of your individual
healthcare and is covered by our legal powers above.

Anonymised information

Sometimes we may provide information about you in an anonymised form. Such information is used
analyse population- level heath issues, and helps the NHS to plan better services. If we share
information for these purposes, then none of the information will identify you as an individual and
cannot be traced back to you.

Medicines Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients.
This service performs a review of prescribed medications to ensure patients receive the most
ap propriate, up to date and cost-effective treatments. The reviews are carried out by the CCGs
Medicines Management Team under a Data Processing contract with the Practice.

GP Connect Service

The GP Connect service allows authorised clinical staff at NHS 111 to seamlessly access our practice’s
clinical system and book directly on behalf of a patient. This means that should you call NHS 111 and
the clinician believes you need an appointment with your GP Practice, the clinician will access
available appointment slots only (through GP Connect) and book you in. This will save you time as
you will not need to contact the practice direct for an appointment.

The practice will not be sharing any of your data and the practice will only allow NHS 111 to see
available appointment slots. They will not even have access to your record. However, NHS 111 will
share any relevant data with us, but you will be made aware of this. This will help your GP in
knowing what treatment/service / help you may require.

Please note if you no longer require the appointment or need to change the date and time for any
reason you will need to speak to one of our reception staff and not NHS 111.

Patient Communication

Because we are obliged to protect any confidential information we hold about you and we take this
very seriously, it is imperative that you let us know immediately if you change any of your contact
details.

We may contact you using SMS texting to your mobile phone in the event that we need to notify you
about appointments and other services that we provide to you involving your direct care, therefore
you must ensure that we have your up to date details. This is to ensure we are sure we are actually
contacting you and not another person. As this is operated on an’opt out’ basis we will assume that
you give us permission to contact you via SMS if you have provided us with your mobile telephone
number. Please let us know if you wish to opt out of this SMS service. We may also contact you using
the email address you have provided to us. Please ensure that we have your up to date details.

There may be occasions where authorised research facilities would like you to take part in research.
Your contact details may be used to invite you to receive further information about such research
opportunities.

Safeguarding

The Practice is dedicated to ensuring that the principles and duties of safeguarding adults and
children are holistically, consistently and conscientiously applied with the wellbeing of all, at the heart
of what we do.

Our legal basis for processing For the General Data Protection Regulation (GDPR) purposes is: –
Article 6(1)(e) ‘ … exercise of official authority … ‘.
For the processing of special categories data, the basis is: –
Article 9(2)(b) – ‘processing is necessary for the purposes of carrying out the obligations and
exercising specific rights of the controller or of the data subject in the field of employment and
social security and social protection law … ‘

Research

Clinical Practice Research Datalink (CPRD) collects de-identified patient data from a network of GP
practices across the UK. Primary care data are linked to a range of other health related data to
provide a longitudinal, representative UK population health dataset. You can opt out of your
information being used for research purposes at any time (see below), full details can be found here: –

https://cprd.com/transparency-information

The legal bases for processing this information
CPRD do not hold or process personal data on patients; however, NHS Digital (formally the Health
and Social Care Centre) may process ‘personal data’ for us as an accredited ‘safe haven’ or ‘trusted
third-party’ within the NHS when linking GP data with data from other sources. The legal bases for
processing this data are:

. Medicines and medical device monitoring: Article 6(e) and Article 9(2)(i) – public interest in the
area of public health
. Medical research and statistics: Article 6(e) and Article 9(2)(j) – public interest and scientific
research purposes

Any data CPRD hold or pass on to bona fide researchers, except for clinical research studies, will
have been anonymised in accordance with the Information Commissioner’s Office Anonymisation
Code of Practice. We will hold data indefinitely for the benefit of future research, but studies will
normally only hold the data we release to them for twelve months.

Categories of personal data
The data collected by Practice staff in the event of a safeguarding situation will be as much personal
information as is possible that is necessary to obtain in order to handle the situation. In addition to
some basic demographic and contact details, we will also process details of what the safeguarding
concern is. This is likely to be special category information (such as health information).
Sources of the data

The Practice will either receive or collect information when someone contacts the organisation with
safeguarding concerns, or we believe there may be safeguarding concerns and make enquiries to
relevant providers.

Recipients of personal data
The information is used by the Practice when handling a safeguarding incident or concern. We may
share information accordingly to ensure duty of care and investigation as required with other partners
such as local authorities, the police or healthcare professionals (i.e. their GP or mental health team).

Third party processors

In order to deliver the best possible service, the practice will share data (where required) with other
NHS bodies such as other GP practices and hospitals. In addition, the practice will use carefully
selected third party service providers. When we use a third party service provider to process data on
our behalf then we will always have an appropriate agreement in place to ensure that they keep the
data secure, that they do not use or share information other than in accordance with our instructions
and that they are operating appropriately. Examples of functions that may be carried out by third
parties include:

. Companies that provide IT services & support, including our core clinical systems; systems
which manage patient facing services (such as our website and service accessible through
the same); data hosting service providers; systems which facilitate appointment bookings or
electronic prescription services; document management services etc.
. Delivery services (for example if we were to arrange for delivery of any medicines to you).
. Payment providers (if for example you were paying for a prescription or a service such as
travel vaccinations).

Further details regarding specific third-party processors can be supplied on request to the Data
Protection Officer as below.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in
accordance with:

Data Protection Act 2018
The General Data Protection Regulations 2016
Human Rights Act 1998
Common Law Duty of Confidentiality
NHS Codes of Confidentiality, Information Security and Records Management
Information to Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information
about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine
need for it. We will not disclose your information to any third party without your permission unless
there are exceptional circumstances (i.e. life or death situations), where the law requires information
to be passed on and / or in accordance with the information sharing principle following Dame Fiona
Caldicott’s information sharing review (Information to share or not to share) where “The duty to share
information can be as important as the duty to protect patient confidentiality.” This means that health
and social care professionals should have the confidence to share information in the best interests of
their patients within the framework set out by the Caldicott principles.

National Opt-Out Facility

You can choose whether your confidential patient information is used for research and
planning.

Who can use your confidential patient information for research and planning?

It is used by the NHS, local authorities, university and hospital researchers, medical colleges and
pharmaceutical companies researching new treatments.

Making your data opt-out choice

You can choose to opt out of sharing your confidential patient information for research and planning.
There may still be times when your confidential patient information is used: for example, during an
epidemic where there might be a risk to you or to other people’s health. You can also still consent to
take part in a specific research project.

Will choosing this opt-out affect your care and treatment?

No, your confidential patient information will still be used for your individual care. Choosing to opt out
will not affect your care and treatment. You will still be invited for screening services, such as
screenings for bowel cancer.

What should you do next?

You do not need to do anything if you are happy about how your confidential patient information is
used.

If you do not want your confidential patient information to be used for research and planning, you can
choose to opt out securely online or through a telephone service.

You can change your choice at any time. To find out more or to make your choice visit
nhs.uk/your-nhs-data-matters or call 0300 303 5678

.
.

NHS Digital Data Collection from the Practice
The NHS needs data about the patients it treats to plan and deliver its services and to ensure that
care and treatment provided is safe and effective. The General Practice Data for Planning and
Research data collection will help the NHS to improve health and care services for everyone by
collecting patient data that can be used to do this. For example patient data can help the NHS to:

. monitor the long-term safety and effectiveness of care
plan how to deliver better health and care services
prevent the spread of infectious diseases
. identify new treatments and medicines through health research

GP practices already share patient data for these purposes, but this new data collection will be more
efficient and effective.

This means that GPs can get on with looking after their patients, and NHS Digital can
provide controlled access to patient data to the NHS and other organisations who need to use it, to
improve health and care for everyone.

Contributing to research projects will benefit us all as better and safer treatments are introduced more
quickly and effectively without compromising your privacy and confidentiality.

NHS Digital has engaged with the British Medical Association (BMA), Roval College of GPs
(RCGP) and the National Data Guardian (NDG) to ensure relevant safeguards are in place for
patients and GP practices.

NHS Digital purposes for processing patient data

Patient data from GP medical records kept by GP practices in England is used every day to improve
health, care and services through planning and research, helping to find better treatments and
improve patient care. The NHS is introducing an improved way to share this information – called the
General Practice Data for Planning and Research data collection.

NHS Digital will collect, analyse, publish and share this patient data to improve health and care
services for everyone. This includes:

. informing and developing health and social care policy
. planning and commissioning health and care services
. taking steps to protect public health (including managing and monitoring the coronavirus
pandemic)
. in exceptional circumstances, providing you with individual care
enabling healthcare and scientific research

Any data that NHS Digital collects will only be used for health and care purposes. It is never shared
with marketing or insurance companies.

What patient data NHS Digital collect

Patient data will be collected from GP medical records about:

. any living patient registered at a GP practice in England when the collection started – this
includes children and adults
. any patient who died after the data collection started, and was previously registered at a GP
practice in England when the data collection started

While 1 September has been seen by some as a cut-off date for opt-out, after which data extraction
would begin, Government has stated this will not be the case and data extraction will not
commence until NHS Digital have met the tests.

The NHS is introducing three changes to the opt-out system which mean that patients will be able to
change their opt-out status at any time:

. Patients do not need to register a Type 1 opt-out by 1 September to ensure their GP data
will not be uploaded
. NHS Digital will create the technical means to allow GP data that has previously been
uploaded to the system via the GPDPR collection to be deleted when someone
registers a Type 1 opt-out
. The plan to retire Type 1 opt-outs will be deferred for at least 12 months while we get the
new arrangements up and running, and will not be implemented without consultation with the
RCGP, the BMA and the National Data Guardian

We will not collect your name or where you live. Any other data that could directly identify you, for
example NHS number, General Practice Local Patient Number, full postcode and date of birth, is
replaced with unique codes which are produced by de-identification software before the data is
shared with NHS Digital.

This process is called pseudonymisation and means that no one will be able to directly identify you in
the data. The diagram below helps to explain what this means. Using the terms in the diagram, the
data we collect would be described as de-personalised.

Image provided by Understanding Patient Data under licence

NHS Digital will be able to use the same software to convert the unique codes back to data that could
directly identify you in certain circumstances, and where there is a valid legal reason. Only NHS
Digital has the ability to do this. This would mean that the data became personally identifiable data in
the diagram above. An example would be where you consent to your identifiable data being shared

images, letters and documents

with a research project or clinical trial in which you are participating, as they need to know the data is
about you.

More information about when we may be able to re-identify the data is in the who we share your
patient data with section below.

The NHS Digital programme will be providing further information as the programme progresses. In the
meantime, if you have any questions, you can contact the programme at enquiries@nhsdigital.nhs.uk.

The NHS Digital web pages also provide further information at https://digital.nhs.uk/data-and-
information/data-collections-and-data-sets/data-collections/general-practice-data-for-planning-and-
research#additional-information-for-gp-practices.

The Data NHD Digital collect

We will only collect structured and coded data from patient medical records that is needed for specific
health and social care purposes explained above.

Data that directly identifies you as an individual patient, including your NHS number, General Practice
Local Patient Number, full postcode, date of birth and if relevant date of death, is replaced with unique
codes produced by de-identification software before it is sent to NHS Digital. This means that no one
will be able to directly identify you in the data.

NHS Digital will be able to use the software to convert the unique codes back to data that could
directly identify you in certain circumstances, and where there is a valid legal reason. This would
mean that the data became personally identifiable in the diagram above. It will still be held securely
and protected, indluding when it is shared by NHS Digital.

NHS Digital will collect

. data on your sex, ethnicity and sexual orientation
. clinical codes and data about diagnoses, symptoms, observations, test results, medications,
allergies, immunisations, referrals and recalls, and appointments, including information about
your physical, mental and sexual health
. data about staff who have treated you

More detailed information about the patient data we collect is contained in the Data Provision Notice
issued to GP practices.

NHS Digital Does not collect.

. your name and address (except for your postcode in unique coded form)
written notes (free text), such as the details of conversations with doctors and nurses
.
. coded data that is not needed due to its age – for example medication, referral and
appointment data that is over 10 years old
. coded data that GPs are not permitted to share by law-for example certain codes about IVF
treatment, and certain information about gender re-assignment

Opting out of NHS Digital collecting your data (Type 1 Opt-out)

If you do not want your identifiable patient data (personally identifiable data in the diagram above) to
be shared outside of your GP practice for purposes except for your own care, you can register an opt-
out with your GP practice. This is known as a Type 1 Opt-out.

Type 1 Opt-outs were introduced in 2013 for data sharing from GP practices, but may be discontinued
in the future as a new opt-out has since been introduced to cover the broader health and care system,
called the National Data Opt-out. If this happens people who have registered a Type 1 Opt-out will be
informed. More about National Data Opt-outs is in the section Who we share patient data with.

NHS Digital will not collect any patient data for patients who have already registered a Type 1 Opt-out
in line with current policy. If this changes patients who have registered a Type 1 Opt-out will be
informed.

If you do not want your patient data shared with NHS Digital, you can register a Type 1 Opt-out with
your GP practice. You can register a Type 1 Opt-out at any time. You can also change your mind at
any time and withdraw a Type 1 Opt-out.

Data sharing with NHS Digital will starton 1 September 2021.

If you have already registered a Type 1 Opt-out with your GP practice your data will not be shared
with NHS Digital.

If you wish to register a Type 1 Opt-out with your GP practice before data sharing starts with NHS
Digital, this should be done by retumning this form to your GP practice. If you have previously
registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this.
You can send the form by post or email to your GP practice or call 0300 3035678 for a form to be sent
out to you.

If you register a Type 1 Opt-out after your patient data has already been shared with NHS Digital, no
more of your data will be shared with NHS Digital. NHS Digital will however still hold the patient data
which was shared with us before you registered the Type 1 Opt-out

If you do not want NHS Digital to share your identifiable patient data (personally identifiable data in
the diagram above) with anyone else for purposes beyond your own care, then you can also register
a National Data Opt-out. There is more about National Data Opt-outs and when they apply in
the National Data Opt-out section below.

NHS Digital legal basis for collecting, analysing and sharing patient data.

When we collect, analyse, publish and share patient data, there are strict laws in place that we must
follow. Under the UK General Data Protection Regulation (GDPR), this includes explaining to you
what legal provisions apply under GDPR that allows us to process patient data. The GDPR protects
everyone’s data.

NHS Digital has been directed by the Secretary of State for Health and Social Care under the General
Practice Data for Planning and Research Directions 2021 to collect and analyse data from GP
practices for health and social care purposes including policy, planning, commissioning, public health
and research purposes.

NHS Digital is the controller of the patient data collected and analysed under the GDPR jointly with
the Secretary of State for Health and Social Care.

All GP practices in England are legally required to share data with NHS Digital for this purpose under
the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained
in the Data Provision Notice issued by NHS Digital to GP practices.

NHS Digital has various powers to publish anonymous statistical data and to share patient data under
sections 260 and 261 of the 2012 Act. It also has powers to share data under other Acts, for example
the Statistics and Registration Service Act 2007.

Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 (COPI) also
allow confidential patient information to be used and shared appropriately and lawfully in a public
health emergency. The Secretary of State has issued legal notices under COPI (COPI Notices)
requiring NHS Digital, NHS England and Improvement, arm’s-length bodies (such as Public Health
England), local authorities, NHS trusts, clinical commissioning groups and GP practices to share
confidential patient information to respond to the COVID-19 outbreak. Any information used or shared
during the COVID-19 outbreak will be limited to the period of the outbreak unless there is another
legal basis to use confidential patient information.

The legal basis under UKGDPR for General Practice Data for Planning and Research

How NHS Digital use patient data

NHS Digital will analyse and link the patient data we collect with other patient data we hold to create
national data sels and for data quality purposes.

NHS Digital will be able to use the de-identification software to convert the unique codes back to data
that could directly identify you in certain circumstances for these purposes, where this is necessary
and where there is a valid legal reason. There are strict internal approvals which need to be in place
before we can do this and this will be subject to independent scrutiny and oversight by
the Independent Group Advising on the Release of Data (IGARD).

These national data sets are analysed and used by NHS Digital to produce national statistics and
management information, including public dashboards about health and social care which are
published. We never publish any patient data that could identify you. All data we publish is
anonymous statistical data.

For more information about data we publish see Data and Information and Data Dashboards.

We may also carry out analysis on national data sets for data quality purposes and to support the
work of others for the purposes set out in Our purposes for processing patient data section above.

Who NHS Digital share patient data with

All data which is shared by NHS Digital is subject to robust rules relating to privacy, security and
confidentiality and only the minimum amount of data necessary to achieve the relevant health and
social care purpose will be shared.

All requests to access patient data from this collection, other than anonymous aggregate statistical
data, will be assessed by NHS Digital’s Data Access Request Service, to make sure that
organisations have a legal basis to use the data and that it will be used safely, securely and
approprialely.

These requests for access to patient data will also be subject to independent scrutiny and oversight
by the Independent Group Advising on the Release of Data (IGARD). Organisations approved to use
this data will be required to enter into a data sharing agreement with NHS Digital regulating the use of
the data.

There are a number of organisations who are likely to need access to different elements of patient
data from the General Practice Data for Planning and Research collection. These include but may not
be limited to:

. the Department of Health and Social Care and its executive agencies, including Public Health
England and other government departments
. NHS England and NHS Improvement
primary care networks (PCNs), clinical commissioning groups (CCGs) and integrated care
organisations (ICOs)

.
.

. local authorities
. research organisations, including universities, charities, clinical research organisations that
run clinical trials and pharmaceutical companies

If the request is approved, the data will either be made available within a secure data access
environment within NHS Digital infrastructure, or where the needs of the recipient cannot be met this
way, as a direct dissemination of data. We plan to reduce the amount of data being processed outside
central, secure data environments and increase the data we make available to be accessed via our
secure data access environment. For more information read about improved data access in improving
our data processing services.

Data will always be shared in the uniquely coded form (de-personalised data in the diagram above)
unless in the circumstances of any specific request it is necessary for it to be provided in
an identifiable form (personally identifiable data in the diagram above). For example, when express
patient consent has been given to a researcher to link patient data from the General Practice for
Planning and Research collection to data the researcher has already obtained from the patient.

It is therefore possible for NHS Digital to convert the unique codes back to data that could directly
identify you in certain circumstances, and where there is a valid legal reason which permits this
without breaching the common law duty of confidentiality. This would include:

where the data was needed by a health professional for your own care and treatment
where you have expressly consented to this, for example to participate in a clinical trial
. where there is a legal obligation, for example where the COPI Notices apply – see Our legal
basis for collecting, analysing and sharing patient data above for more information on this
. where approval has been provided by the Health Research Authority or the Secretary of Stale
with support from the Confidentiality Advisory Group (CAG) under Regulation 5 of the Health
Service (Control of Patient Information) Regulations 2002 (COPI) – this is sometimes known
as a ‘section 251 approval’

This would mean that the data was personally identifiable in the diagram above. Re-identification of
the data would only take place following approval of the specific request through the Data Access
Request Service, and subject to independent assurance by IGARD and consultation with the
Professional Advisory Group, which is made up of representatives from the BMA and the RCGP. If
you have registered a National Data Opt-out, this would be applied in accordance with the National
Data Opt-out policy before any identifiable patient data (personally identifiable data in the diagram
above) about you was shared. More about the National Data Opt-out is in the section below.

Details of who we have shared data with, in what form and for what purposes are published on
our data release register.

Where NHS digital stores patient data

NHS Digital only stores and processes patient data for this data collection within the United Kingdom
(UK).

Fully anonymous data (that does not allow you to be directly or indirectly identified), for example
statistical data that is published, may be stored and processed outside of the UK. Some of our
processors may process patient data outside of the UK. If they do, we will always ensure that the
transfer outside of the UK complies with data protection laws.

Where do we store your information electronically?

All the personal data we process is processed by our staff in the UK however for the purposes of IT
hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate
safeguards have been put in place such as a Data Processor as above). We have a Data Protection
regime in place to oversee the effective and secure processing of your personal and or special
category (sensitive, confidential) data.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with
the following organisations;

. NHS Trusts / Foundation Trusts
GP’s
Primary Care Network
NHS Commissioning Support Units
Independent Contractors suchas dentists, opticians, pharmacists
Private Sector Providers
Voluntary Sector Providers
Ambulance Trusts
Clinical Commissioning Groups
Social Care Services
NHS England (NHSE) and NHS Digital (NHSD)
Multi Agency Safeguarding Hub (MASH)
Local Authorities
Education Services
Fire and Rescue Services
Police & Judicial Services
Voluntary Sector Providers
Private Sector Providers
Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for consent for this
to happen when this is required.

Computer System

This practice operates a Clinical Computer System on which NHS Staff record information securely.
This information can then be shared with other clinicians so that everyone caring for you is fully
informed about your medical history, including allergies and medication.

To provide around the clock safe care, unless you have asked us not to, we will make information
available to our Partner Organisation (above). Wherever possible, their staff will ask your consent
before your information is viewed.

Shared Care Records

To support your care and improve the sharing of relevant information to our partner organisations (as
above) when they are involved in looking after you, we will share information to other systems. You
can opt out of this sharing of your records with our partners at anytime if this sharing is based on your
consent.

We may also use extemal companies to process personal information, such as for archiving purposes.
These companies are bound by contractual agreements to ensure information is kept confidential and
secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality
agreement. If a sub-contractor acts as a data processor for [Practice Name] an appropriate contract
(art 24-28) will be established for the processing of your information.

Sharing your information without consent
We will normally ask you for your consent, but there are times when we may be required by law to
share your information without your consent, for example:

. where there is a serious risk of harm or abuse to you or other people;
. Safeguarding matters and investigations
. where a serious crime, such as assault, is being investigated or where it could be
prevented;
. notification of new births;
. where we encounter infectious diseases that may endanger the safety of others, such
as meningitis or measles (but not HIV/AIDS);
. where a formal court order has been issued;
. where there is a legal requirement, for example if you had committed a Road Traffic
Offence.

How long will we store your information?

We are required under UK law to keep your information and data for the full retention periods as
specified by the NHS Records management code of practice for health and social care and national
archives requirements.

More information on records retention can be found online at
(https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-
Care-2016).

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in
touch about these, please contact us. We will seek to deal with your request without undue delay, and
in any event in accordance with the requirements of any applicable laws. Please note that we may
keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data and you do not agree, youhave the right to object. We will
respond to your request within one month (although we may be allowed to extend this period in
certain cases). This is NOT an absolute right sometimes we will need to process your data even if you
object.

Right to withdraw consent: Where we have obtained your consent to process your personal data for
certain activities (for example for a research project, or consent to send you information about us or
matters you may be interested in), you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully),
you have the right to request us to “erase” your personal data. We will respond to your request within
one month (although we may be allowed to extend this period in certain cases) and will only disagree
with you if certain limited conditions apply. If we do agree to your request, we will delete your data but
will need to keep a note of your name/ other basic details on our register of individuals who would
prefer not to be contacted. This enables us to avoid contacting you in the future where your data are
collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data
controller. We will help with this with a GP to GP data transfer and transfer of your hard copy notes.

Primary Care Network

The objective of primary care networks (PCNs) is for group practices together to create more
collaborative workforces which ease the pressure of GP’s, leaving them better able to focus on patient
care. The aim is that by July 2019, all areas within England will be covered by a PCN.

Primary Care Networks form a key building block of the NHS long-term plan. Bringing general
practices together to work at scale has been a policy priority for some years for a range of reasons,
including improving the ability of practices to recruit and retain staff; to manage financial and estates
pressures; to provide a wider range of services to patients and to more easily integrate with the wider
health and care system.

All GP practices are expected to come together in geographical networks covering populations of
ap proximately 30-50,000 patients by June 2019 if they are to take advantage of additional funding
attached to the GP contract. This size is consistent with the size of the primary care homes, which
exist in many places in the country, but much smaler than most GP Federations.

This means the practice may share your information with other practices within the PCN to provide
you with your care and treatment.
Population Health Management

Population Health Management (or PHM for short) is aimed at improving the health of an entire
population. It is being implemented across the NHS and this Practice is taking part in a project as a
time limited pilot across named practices in Derby and Derbyshire.

The PHM approach requires health care organisations to work together with communities and partner
agencies, for example, GP practices, community service providers, hospitals and other health and
social care providers. These organisations will share and combine information with each other in
order to get a view of health and services for the population in a particular area. This information
sharing is subject to robust security arrangements.

As part of this programme, personal data about your health care will have all identifiers removed (like
your name or NHS Number) and replaced with a code which will be linked to information about care
received in different health care settings. If we see that an individual might benefit from some
additional care or support, we will send the information back to your GP or hospital provider and they
will use the code to identify you and offer you relevant services.
As part of this programme your GP and other care providers will send the information they hold on
their systems to the North Of England Commissioning Support Unit (NECS). NECS are part of NHS
England. More information can be found here https://www.necsu.nhsuk

NECS will link all the information together. Your GP and other care providers will then review this
information and make decisions about the whole population or particular patients that might need
additional support. NECS work in partnership with a company called Optum to help them with this
work. Both NECS and Optum are legally obliged to protect your information and maintain
confidentiality in the same way that your GP or hospital provider is. More information about Optum
can be found here www.optum.co.uk.

Health and Social Care Providers are permitted by data protection law to use personal information
where it is ‘necessary for medical purposes’. This includes caring for you directly as well as
management of health services more generally.
The PHM project is time-limited to 22 weeks. Once the project has completed all de-identified,
information processed by NECS / Optum will be securely destroyed. This will not affecting personal
information held by your GP or other health or social care providers.

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to
request access to view or to obtain copies of what information the surgery holds about you and to
have it amended should it be inaccurate. To request this, you need to do the following:

. Your request should be made to the Practice. (For information from a hospital or other Trust/
NHS organisation you should write direct to them.
There is no charge to have a copy of the information held about you
We are required to provide you with information within one month
. You will need to give adequate information (for example full name, address, dale of birth,
NHS number and details of your request) so that your identity can be verified, and your
records located information we hold about you at any time.

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the Practice Manager as soon as
any of your details change, this is especially important for changes of address or contact details (such
as your mobile phone number), the practice will from time to time ask you to confirm that the
information we currently hold is accurate and up-to-date.

Online Access

You may ask us if you wish to have online access to your medical record. However, there will be
certain protocols that we have to follow in order to give you online access, including written consent
and production of documents that prove your identity.

Please note that when we give you online access, the responsibility is yours to make sure that you
keep your information safe and secure if you do not wish any third party to gain access.

Third parties mentioned on your medical record
Sometimes we record information about third parties mentioned by you to us during any consultation,
or contained in letters we receive from other organisations. We are under an obligation to make sure
we also protect that third party’s rights as an individual and to ensure that references to them which
may breach their rights to confidentiality, are removed before we send any information to any other
party including yourself.

Our website

The only website this Privacy Notice applies to is the Surgery’s website. If you use a link to any other
website from the Surgery’s website then you will need to read their respective Privacy Notice. We
take no responsibility (legal or otherwise) for the content of other websites.

The Surgery’s website uses cookies. For more information on which cookies we use and how we use
them, please see our Cookies Policy.

CCTV recording

CCTV is installed on our practice premises covering both the external area of the building and the
intemal area excluding consulting rooms. Images are held to improve the personal security of patients
and staff whilst on the premises, and for the prevention and detection of crime. The images are
recorded onto an integral hard drive of the equipment and are overwritten on a rolling basis. Viewing
of these digital images is password protected and controlled by the Practice Manager.

Telephone system

Our telephone system records all telephone calls. Recordings are retained for up to three years, and
are used periodically for the purposes of seeking clarification where there is a dispute as to what was
said and for staff training Access to these recordings is restricted to named senior staff.

Objections / Complaints

Should you have any concerns about how your information is managed at the GP, please contact the
GP Practice Manager or the Data Protection Officer as above. If you are still unhappy following a
review by the GP practice, you have a right to lodge a complaint with a supervisory authority: You
have a right to complain to the UK supervisory Authority as below.

Information Commissioner:
Wycliffe house
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel:
https://ico.org.uk/

01625 545745

If you are happy for your data to be used for the purposes described in this privacy notice, then you
do not need to do anything. If you have any concerns about how your data is shared, then please
contact the Practice Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you,
please contact the Data Protection Officer as below.

Data Protection Officer: Sarah McCallum

The Practice Data Protection Officer is Sarah McCallum

Email: sarah.mccallum3@nhs.net
Postal: Mullion & Constantine Group Practice
Willis Vean
Nansmellyon Road
Mullion
HELSTON
TR12 7DQ

Changes:

It is important to point out that we may amend this Privacy Notice from time to time. If you are
dissatisfied with any aspect of our Privacy Notice, please contact the Practice Data Protection Officer.

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.

This privacy notice applies to personal information processed by or on behalf of the practice.

This Notice explains

• Who we are, how we use your information and our Data Protection Officer
• What kinds of personal information about you do we process?
• What are the legal grounds for our processing of your personal information (including when we share it with others)?
• What should you do if your personal information changes?
• For how long your personal information is retained by us?
• What are your rights under data protection laws?

The General Data Protection Regulation (GDPR) became law on 24th May 2016. This is a single EU-wide regulation on the protection of confidential and sensitive information. It enters into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998).

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the Data Protection Act 2018 (currently in Bill format before Parliament) the practice responsible for your personal data.

This Notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights

How we use your information and the law.

The practice will be what’s known as the ‘Controller’ of the personal data you provide to us.

We collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, contact details such as email and mobile number etc.

We will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious belief (if required in a healthcare setting) ethnicity, and sex during the services we provide to you and or linked to your healthcare through other health providers or third parties.

Why do we need your information?

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously (e.g. NHS Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which the Practice hold about you may include the following information;

• Details about you, such as your address, carer, legal representative, emergency contact details
• Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations such as laboratory tests, x-rays etc
• Relevant information from other health professionals, relatives or those who care for you

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.

How do we lawfully use your data?

We need to know your personal, sensitive and confidential data in order to provide you with Healthcare services as a General Practice, under the General Data Protection Regulation we will be lawfully using your information in accordance with: –

Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”

Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

This Privacy Notice applies to the personal data of our patients and the data you have given us about your carers/family members.

Risk Stratification

Risk stratification data tools are increasingly being used in the NHS to help determine a person’s risk of suffering a condition, preventing an unplanned or (re)admission and identifying a need for preventive intervention. Information about you is collected from a number of sources including NHS Trusts and from this GP Practice. A risk score is then arrived at through an analysis of your de-identified information is only provided back to your GP as data controller in an identifiable form. Risk stratification enables your GP to focus on preventing ill health and not just the treatment of sickness. If necessary, your GP may be able to offer you additional services. Please note that you have the right to opt out of your data being used in this way.

Medicines Management

The Practice may conduct Medicines Management Reviews of medications prescribed to its patients. This service performs a review of prescribed medications to ensure patients receive the most appropriate, up to date and cost-effective treatments.

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

• Data Protection Act 2018
• The General Data Protection Regulations 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or in accordance with the information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.” This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles.

Our practice policy is to respect the privacy of our patients, their families and our staff and to maintain compliance with the General Data Protection Regulations (GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our patients will be protected.

All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. The practice will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for the practice an appropriate contract (art 24-28) will be established for the processing of your information.

In Certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent. If some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.

Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified. Sometimes your information may be requested to be used for research purposes – the surgery will always gain your consent before releasing the information for this purpose in an identifiable format.  In some circumstances you can Opt-out of the surgery sharing any of your information for research purposes.

With your consent we would also like to use your information to

We would however like to use your name, contact details and email address to inform you of services that may benefit you, with your consent only. There may be occasions were authorised research facilities would like you to take part on innovations, research, improving services or identifying trends.

At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt out prior to any data processing taking place. This information is not shared with third parties or used for any marketing and you can unsubscribe at any time via phone, email or by informing the practice DPO as below.

Where do we store your information Electronically?

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

• NHS Trusts / Foundation Trusts
• GP’s
• eMBED Health
• Independent Contractors such as dentists, opticians, pharmacists
• Private Sector Providers
• Voluntary Sector Providers
• Ambulance Trusts
• Clinical Commissioning Groups
• Social Care Services
• NHS England (NHSE) and NHS Digital (NHSD)
• Local Authorities
• Education Services
• Fire and Rescue Services
• Police & Judicial Services
• Voluntary Sector Providers
• Private Sector Providers
• Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for consent for this to happen when this is required.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure. All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for the practice an appropriate contract (art 24-28) will be established for the processing of your information.

How long will we store your information?

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements. More information on records retention can be found online at (https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016)

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this with a GP to GP data transfer and transfer of your hard copy notes

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

• Your request should be made to the Practice – for information from the hospital you should write direct to them
• There is no charge to have a copy of the information held about you
• We are required to respond to you within one month
• You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the Practice Manager as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

Your patient record is held securely and confidentially on the electronic system at your GP practice. If you require treatment in another NHS healthcare setting such as an Emergency Department or Minor Injury Unit, those treating you would be better able to give you appropriate care if some of the information from the GP practice were available to them.

This information can now be shared electronically via: The Summary Care Record, used nationally across England

The information will be used only by authorised health care professionals directly involved in your care. Your permission will be asked before the information is accessed, unless the clinician is unable to ask you and there is a clinical reason for access.

If you would like to opt out, please ask reception for our opt out form.

A parent or guardian can request to opt out children under 16 but ultimately it is the GP’s decision whether to create the records or not, because of their duty of care to the child. If you are the parent or guardian of a child under 16 and feel that they are able to understand, then you should make this information available to them.

Who Has Access?

Across all health care settings, including urgent care, community care and outpatient departments in England.

Information Source

GP record

Content

• Your current medications
• Any allergies you have
• Any bad reactions you have had to medicines
• Additional information (upon request to your GP)

For more information visit:

www.digital.nhs.uk

GPs in Training

Our practice is approved to train fully qualified doctors who wish to specialise in general practice. Our GP registrar will have had 2-4 years of experience as a qualified hospital doctor working in various specialities. They consult patients on their own, under the mentorship of our GP trainer, Occasionally we ask permission to video a consultation. You will always be asked in advance and are given the option not to take part, and this will not affect your care in any way. No recording will be taken without your consent and the camera will be switched off on request. These videos are used only for educational purposes with the doctor doing the consultation and are destroyed after use.

GP Registrar

Medical Students

Medical students are sometimes attached to the practice for 2 – 3 weeks as part of their training. If you do not wish a student to be present during your consultation, please inform the receptionist.

The NHS operate a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.